Closed Ali-Reza8 closed 7 years ago
Hi there, You have to figurate if is it possible and the software is vulnerable, after that you can copy the structure of any plugin and create your own so evilgrade can support it.
Sniffing the traffic of the desired software in the exact moment when an update is being executed would be the first step. Then you'll need to check whether the update goes in plain text or https for starters... If it goes in plain text and is not signed properly then you probably have found a vulnerable updater.
Hi Is that possible to inject fake update for the software that I want? I would really appreciate if you could provide steps to this purpose.
thanks